If I enter this command in a console: sudo ifconfig
of course I get the reply “sudo: ifconfig: command not found”
because sudo has a different path from root user.
But if I make a script called script.sh, containing ifconfig like so:
#!/bin/sh
ifconfig
and execute it with this command: sudo ./script.sh
well I get the correct answer. It finds the application ifconfig and runs it this time.
What I don’t understand is why “ifconfig” is found and executed properly when I run the script as sudo. Is that different from runnning the command directly as: “sudo ifconfig”?
Can someone please explain the nuance here that I don’t understand.
just before ifconfig in your script, it will be clear how it finds ifconfig. As to why $PATH is set when running a shell script, when you run
sudo ifconfig
no init files are read, so $PATH doesn’t change. When you run
sudo ./script.sh
It gets settings from init files. As to which init file it gets it from, a search
# grep -r "$PATH" /etc
matched /etc/default/su, and the line is:
SUPATH=/usr/sbin:/bin:/usr/bin:/sbin
A search showed that $SUPATH is the initial $PATH for root. Presumably sudo is following precedent. This is poorly documented, I didn’t see any mention of SUPATH in any man page.
will make you root without changing your environment (including the PATH variable).
Using
su -
Does start an new shell including all initialisation as done during at login (in a console/terminal). This means that things like .bashrc and .profile from the home directory of root are used and, among other things, the PATH according to these files is set. For security reasons this is important. A normal user may have added directories (including the infamous ./) to his PATH that contain programs with names (like ls) that can create everyting from amazement to disaster when executed as root.
So I always advise to use the - sign with su.
I wonder if one calling
sudo ifconfig
as ‘a’ user is sure that the right program is run?
Actually FYI I asked this because I wrote some code that interrogates the system for some information. It wasn’t a bash script. It is a compiled executable. But I was wondering why it will run fine with “sudo program_name” when I expected to be required to run it as “su -c program_name”.
No big deal but I was curious how it happens.
Ken_yap and you have shone a light on all of that for me now. Thanks guys.